From 834c9a35ff89196bdf1e7d7ea2fb9b62a0716700 Mon Sep 17 00:00:00 2001
From: lars
Date: Fri, 10 Nov 2006 09:05:26 +0000
Subject: [PATCH] make_ssl_cert script added (from former release)
---
scripts/debian | 49 ------------------------------------
scripts/make_stunnel_cert.sh | 35 ++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 49 deletions(-)
delete mode 100755 scripts/debian
create mode 100755 scripts/make_stunnel_cert.sh
diff --git a/scripts/debian b/scripts/debian
deleted file mode 100755
index 95498a8..0000000
--- a/scripts/debian
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 02005 sense.lab
-#
-# License: This script is distributed under the terms of version 2
-# of the GNU GPL. See the LICENSE file included with the package.
-#
-# $Id: cbox-build.sh 336 2005-11-29 22:28:28Z lars $
-#
-# build a debian package
-#
-
-set -ue
-
-# include common functions and settings
-source $(dirname $0)/common.sh.inc
-
-######### some settings ###########
-DEB_BUILD_DIR=/tmp/cryptobox-debian-$$
-[ -e "$DEB_BUILD_DIR" ] && rm -rf "$DEB_BUILD_DIR"
-
-DEB_CONTROL_DIR=$ROOT_DIR/DEBIAN
-DEB_PACKAGE_DIR=$ROOT_DIR/packages
-
-############# do it ###############
-
-ACTION=build
-[ $# -gt 0 ] && ACTION=$1 && shift
-
-case "$ACTION" in
- build )
- svn export "$CBOX_DEVEL_DIR" "$DEB_BUILD_DIR" >/dev/null
- svn export "$DEB_CONTROL_DIR" "$DEB_BUILD_DIR/DEBIAN" >/dev/null
- fakeroot dpkg-deb --build "$DEB_BUILD_DIR" "$DEB_PACKAGE_DIR"
- rm -rf "$DEB_BUILD_DIR"
- ;;
- check )
- PACKAGE_FILE=$(find "$DEB_PACKAGE_DIR" -type f -name "cryptobox*" | grep "\.deb$" | sort -n | tail -1)
- if [ -z "$PACKAGE_FILE" ]
- then echo "no debian package found in $DEB_PACKAGE_DIR"
- else lintian "$PACKAGE_FILE"
- fi
- ;;
- * )
- echo "Syntax: $(basename $0) [ build | check help ]"
- echo
- ;;
- esac
-
diff --git a/scripts/make_stunnel_cert.sh b/scripts/make_stunnel_cert.sh
new file mode 100755
index 0000000..6792c81
--- /dev/null
+++ b/scripts/make_stunnel_cert.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# this script creates the stunnel certificate for https
+#
+# parameter: "destination file"
+#
+# called by:
+# - cbox-manage.sh during network-up if no certificate was found on the config partition
+#
+
+set -eu
+
+# parse config file
+. /etc/cryptobox/cryptobox.conf
+
+
+## vcert values are in openssl.conf
+CERTFILE="$1"
+TMP_FILE=/tmp/cryptobox-cert.tmp
+
+[ ! -f "$OPENSSL_CONF_FILE" ] && echo "`basename $0`: $OPENSSL_CONF_FILE not found" && exit 2
+# this command creates the certificate
+# this is required, because the certbuilding asks for 5 returns
+echo -ne "\n\n\n\n\n" | openssl req -new -x509 -nodes -days 3650 -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
+chmod 600 "$CERTFILE"
+
+# next step needs a lot of randomdata
+dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
+openssl dhparam -rand "$TMP_FILE" 512 >> "$CERTFILE"
+rm "$TMP_FILE"
+
+#ln -sf ${CERTPATH}stunnel.pem ${CERTPATH}`openssl x509 -noout -hash < "${CERTPATH}stunnel.pem"`.0
+
+## print out cert values
+#openssl x509 -subject -dates -fingerprint -in stunnel.pem
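Review bot: `TMP_FILE=/tmp/cryptobox-cert.tmp` is a fixed, predictable name in a world-writable directory, so the later `dd if=/dev/urandom of="$TMP_FILE"` will follow a symlink that another local user has pre-created there. The header comment says cbox-manage.sh calls this script during network-up, presumably with root privileges. Replace it with `TMP_FILE=$(mktemp)` and add `trap 'rm -f "$TMP_FILE"' EXIT`, so the file is also removed when `set -e` aborts the script. The private key is written to `$CERTFILE` under the inherited umask and only restricted afterwards by `chmod 600`; putting `umask 077` before the `openssl req` line closes that window. Separately, `openssl dhparam -rand "$TMP_FILE" 512` generates 512-bit DH parameters, which are too small to rely on; 2048 is the usual minimum.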